Logging with DD-WRT

From DD-WRT Wiki


Overview

DD-WRT uses the syslog and klog daemons to log system, kernel, and firewall events. This can be useful for troubleshooting purposes, or just to keep an eye on how your router/network is behaving.

Setup

Logging is probably disabled by default. To enable it:

  1. Enable Syslogd under the Services tab.
    • If you wish to send logs to a remote system, enter the IP address of that system, which must be running a syslog utility (it needs an open network socket in order to accept the logs sent by the router).
  2. To log firewall events, go to the Security tab and enable the appropriate options under Log Management. (Note: this doesn't function in micro.)

That's all there is to it. DD-WRT should now be logging, either locally to /tmp/var/log/messages or remotely to the IP address you specified earlier.

Recommended tools

Here are some utilities you may wish to check out if you're logging remotely:

syslog-ng (CYGWIN)
Kiwi Syslog
Link Logger

Linux already has syslogd built in.

Remote logging with Papertrail

Papertrail provides hosted log management, live in minutes. It's free of charge (if you do not need more than 100MB a month). Setup is easy with just a few clicks. You can access and see your logs from anywhere in the world by visiting the Papertrail web page.

Once you have a Papertrail account, the easiest way to set up logging to the website in DD-WRT is to take the unique hostname and port that Papertrail provides for your account and paste them into the Remote Server field.

  1. Go to the Settings tab in Papertrail
  2. Click Log Destinations tab
  3. Copy the URL and port number provided (e.g. logs2.papertrailapp.com:xxxxx)
  4. Go to the Services tab in DD-WRT
  5. Enable Syslog on the Services tab
  6. Paste the URL from step 3 into the Remote Server field for Syslog
  7. Apply changes, and your router will begin sending logs to the Papertrail website

Remote logging with Logentries

Logentries is an easy-to-use, self-hosted log management and analytics service for teams of all sizes.

Displaying logs in your web browser

Create a symbolic link in /tmp/www:

ln -s /tmp/var/log/messages /tmp/www/log.html

now go to:

(credits to kuthulu for that tip)

If you are on DD-WRT v3.0 on a kernel 3.10 and above, you can see your logs by typing:

in your web browser (assuming is IP of your ddwrt router)

micro versions

Micro versions have a stripped-down version of BusyBox, so they might not include the ln command used above. In that case, you can use a different method to view the logs from within your browser, shown below.

Issue the following command from the Web Interface -> Commands section (or via Telnet):

cat /tmp/var/log/messages

As noted in the Setup section, the logfile in micro currently does not show any firewall events, unfortunately.

Saving the logfile across reboots

If you have some external storage such as a USB hard drive or SD/MMC card, you can probably use a cron job and/or shutdown script to copy the logfile there.

Another option is to restart the syslog daemon, telling it to save the logfile in a new place. For example:

killall syslogd
syslogd -L -s 8192 -O /opt/var/log/messages
#credits to frater for the commands

Note: If you choose to restart syslogd, you'll probably want to do it in a startup script.
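
A startup-script version of the restart described above, added here as an example (it is not from the wiki or the DD-WRT project): it moves syslogd to external storage only when that storage is actually writable, so a missing USB/SD mount at boot does not leave the router without a log. The paths and syslogd flags are the ones on this page; the function names and the "apply" argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not DD-WRT's own code. Paths and flags come from the page;
# function names and the "apply" argument are assumptions for illustration.
RAM_LOG=/tmp/var/log/messages       # default local log, lost on reboot
PERSIST_LOG=/opt/var/log/messages   # log file on external storage
MAX_KB=8192                         # value passed to -s on the page

# True only if the directory that holds $1 exists and accepts writes,
# i.e. the USB/SD storage is really mounted at this point of the boot.
log_dir_ready() {
    dir=$(dirname "$1")
    [ -d "$dir" ] || return 1
    probe="$dir/.syslog_probe.$$"
    ( : > "$probe" ) 2>/dev/null || return 1
    rm -f "$probe"
}

# Print the log file syslogd should use; fall back to RAM if storage is absent.
choose_log() {
    if log_dir_ready "$PERSIST_LOG"; then
        echo "$PERSIST_LOG"
    else
        echo "$RAM_LOG"
    fi
}

# Append the messages logged to RAM so far to $2, then empty $1 so that a
# second run does not duplicate them.
carry_over() {
    [ -s "$1" ] || return 0
    cat "$1" >> "$2" && : > "$1"
}

relocate_syslog() {
    target=$(choose_log)
    [ "$target" = "$PERSIST_LOG" ] || return 1   # keep the running syslogd
    killall syslogd
    carry_over "$RAM_LOG" "$target"
    syslogd -L -s "$MAX_KB" -O "$target"
}

# Run as "<script> apply" from the startup script; without it nothing changes.
if [ "${1:-}" = "apply" ]; then
    relocate_syslog
fi
```

The syslogd command line on this page names no remote server, so if remote logging is enabled as well, the restarted daemon also needs BusyBox syslogd's -R option to keep forwarding.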

See Also

dmesg command